Chinese Authorities Arrest Hackers Behind Mozi IoT Botnet Attacks (Security News, September 2021)
The operators of the Mozi IoT botnet have been taken into custody by Chinese law enforcement authorities, nearly two years after the malware emerged on the threat landscape in September 2019.
"Mozi uses a P2P network structure, and one of the 'advantages' of a P2P network is that it is robust, so even if some of the nodes go down, the whole network will carry on, and the remaining nodes will still infect other vulnerable devices, that is why we can still see Mozi spreading," said Netlab, which spotted the botnet for the first time in late 2019.
The botnet propagates by exploiting weak and default remote-access passwords as well as unpatched vulnerabilities, infecting routers and digital video recorders and co-opting those devices into an IoT botnet that can be abused for launching distributed denial-of-service attacks, data exfiltration, and payload execution.
Now, according to Netlab, the Mozi authors have also packed in additional upgrades, which include a mining trojan that spreads in a worm-like fashion through weak FTP and SSH passwords, and have expanded the botnet's features by following a plug-in-like approach in which custom tag commands are designed for different functional nodes.
What's more, Mozi's reliance on a BitTorrent-like Distributed Hash Table to communicate with other nodes in the botnet instead of a centralized command-and-control server allows it to function unimpeded, making it difficult to remotely activate a kill switch and render the malware ineffective on compromised hosts.
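Because Mozi rides on the BitTorrent DHT protocol rather than a central server, there is no single C2 address to block; what a defender can look for instead is the protocol itself appearing where it never should, such as a DVR or a router emitting KRPC queries. The following added example (written for this page, not code from the article or from Netlab) decodes the bencoded KRPC messages that DHT nodes exchange and flags any query that originates from a host whose inventory role is an IoT appliance. The asset inventory, the host addresses and the UDP payloads are all constructed for the demo.

```python
"""
Flag BitTorrent-DHT (KRPC) traffic from hosts that should never speak it.
Added illustration, not from the article or Netlab; the inventory, the
addresses and the packets below are constructed sample data.
"""
from typing import Any, Iterable, Optional, Tuple


def bdecode(data: bytes) -> Any:
    """Minimal bencode decoder: integers, byte strings, lists and dicts."""
    def parse(i: int):
        c = data[i:i + 1]
        if c == b"i":                       # integer: i<digits>e
            end = data.index(b"e", i)
            return int(data[i + 1:end]), end + 1
        if c == b"l":                       # list: l<items>e
            items, i = [], i + 1
            while data[i:i + 1] != b"e":
                v, i = parse(i)
                items.append(v)
            return items, i + 1
        if c == b"d":                       # dict: d<key><value>...e
            d, i = {}, i + 1
            while data[i:i + 1] != b"e":
                k, i = parse(i)
                v, i = parse(i)
                d[k] = v
            return d, i + 1
        if c.isdigit():                     # byte string: <len>:<bytes>
            colon = data.index(b":", i)
            n = int(data[i:colon])
            start = colon + 1
            return data[start:start + n], start + n
        raise ValueError(f"not bencode at offset {i}")

    value, end = parse(0)
    if end != len(data):
        raise ValueError("trailing bytes after bencoded value")
    return value


def classify_krpc(payload: bytes) -> Optional[Tuple[str, str]]:
    """Return (message_type, query_name) for a KRPC message, else None."""
    try:
        msg = bdecode(payload)
    except (ValueError, IndexError):
        return None
    if not isinstance(msg, dict) or b"y" not in msg or b"t" not in msg:
        return None
    kind = msg[b"y"]
    if kind == b"q" and b"q" in msg and b"a" in msg:
        return ("query", msg[b"q"].decode("ascii", "replace"))
    if kind == b"r" and b"r" in msg:
        return ("response", "")
    if kind == b"e":
        return ("error", "")
    return None


# Constructed asset inventory (hypothetical addresses and roles).
INVENTORY = {
    "10.0.1.20": "dvr",
    "10.0.1.1": "router",
    "10.0.2.50": "workstation",
}
# Roles for which DHT participation is anomalous by policy.
NEVER_DHT = {"dvr", "router", "ip-camera"}


def find_suspect_dht(packets: Iterable[Tuple[str, int, bytes]]):
    """packets: (src_ip, dst_port, udp_payload). Returns a list of alerts."""
    alerts = []
    for src, dport, payload in packets:
        parsed = classify_krpc(payload)
        if parsed is None:
            continue                        # not DHT, ignore
        role = INVENTORY.get(src, "unknown")
        if role in NEVER_DHT:
            alerts.append((src, role, parsed[0], parsed[1], dport))
    return alerts


# Constructed KRPC payloads: a find_node query and a ping query.
FIND_NODE = (b"d1:ad2:id20:" + b"A" * 20 + b"6:target20:" + b"B" * 20
             + b"e1:q9:find_node1:t2:aa1:y1:qe")
PING = b"d1:ad2:id20:" + b"C" * 20 + b"e1:q4:ping1:t2:bb1:y1:qe"

SAMPLE_PACKETS = [
    ("10.0.1.20", 6881, FIND_NODE),         # DVR speaking DHT: alert
    ("10.0.2.50", 6881, PING),              # workstation: allowed
    ("10.0.1.1", 53, b"\x12\x34\x01\x00\x00\x01"),  # not bencode: ignored
    ("10.0.1.1", 6881, PING),               # router speaking DHT: alert
]

if __name__ == "__main__":
    for alert in find_suspect_dht(SAMPLE_PACKETS):
        print("suspect DHT activity:", alert)
```

The decision is made on the payload, not on the port, because a P2P node can use any UDP port; a host with no inventory entry is reported as "unknown" and not flagged, so the inventory needs to be complete for the rule to be useful. Responses and error messages are classified as well, since a node answering other peers' queries is already a participant in the mesh.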
"The Mozi botnet samples have stopped updating for quite some time, but this does not mean that the threat posed by Mozi has ended," the researchers cautioned.
News URL: http://feedproxy.google.com/~r/TheHackersNews/~3/Q2u5nz4MrzI/chinese-authorities-arrest-hackers.html